Search:Vulnerability:24.10.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

RSA Keon crossite scripting
Published: 24.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8290
Type: remote
Level: 5/10
Description: Crossite scripting in Request-spk.xuda and Add-msie-request.xuda components.

Original document Fatih Ozavci, [GS07-02] RSA Keon Multiple Cross-Site Scripting Vulnerabilities (24.10.2007)

Discuss: Read or add your comments to this news (0 comments)

IBM Lotus Notes multiple security vulnerabilities
updated since 23.10.2007
Published: 24.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8286
Type: client
Level: 7/10
Description: Buffer overflow on viewing of different attachment types, information leak between local users thorugh memory mapped files.

Affected: IBM : Lotus Domino 6.5
IBM : Lotus Notes 7.0
IBM : Lotus Notes 8.0
CVE: CVE-2007-5544
CVE-2007-4222
CVE-2007-3510

Original document IDEFENSE, iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buffer Overflow Vulnerability (24.10.2007)

IDEFENSE, iDefense Security Advisory 10.23.07: IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability (24.10.2007)

SYMANTEC, SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability (23.10.2007)

document TAN Chew Keong, [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities (23.10.2007)

Files: IBM Lotus Domino - IMAP4 Mailbox Name Stack Overflow Exploit
Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.10.2007
Published: 24.10.2007
Source:
SecurityVulns ID: 8287
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Original document morin.josh_(at)_gmail.com, Novell OpenSUSE SWAMP multiple XSS (24.10.2007)

joseph.giron13_(at)_gmail.com, Bosdev Multiple vulnerabilities (24.10.2007)

pete.houston.17187_(at)_gmail.com, [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar (24.10.2007)

Advisory_(at)_Aria-Security.net, Aria-Security.Net [Web based alpha tabbed address book SQL Injection] (24.10.2007)

document joseph.giron13_(at)_gmail.com, Aleris Software Systems Web Publisher Calendar SQL injection (24.10.2007)

Advisory_(at)_Aria-Security.net, [Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection (24.10.2007)

Advisory_(at)_Aria-Security.net, OSI CODES - PHP Live! Remote File Inclusion (24.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Debian Linux reprepro authentication bypass
Published: 24.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8288
Type: m-i-t-m
Level: 5/10
Description: Unkonwn package signatures are not checked .

Affected: REPREPRO : reprepro 1.3
CVE: CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.)

Original document DEBIAN, [SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass (24.10.2007)

Discuss: Read or add your comments to this news (0 comments)

HP OpenView unauthorized access
Published: 24.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8289
Type: remote
Level: 6/10
Description: HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) unauthorized access thorugh httpd.tkd.

Affected: HP : OpenView Configuration Management Infrastructure 4.0
HP : OpenView Configuration Management Infrastructure 4.1
HP : OpenView Configuration Management Infrastructure 4.2
HP : OpenView Client Configuration Manager 2.0
CVE: CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.)

Original document HP, HPSBMA02279 SSRT071298 rev.1 - HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized Access to Data (24.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows TCP/IP stack IGMP DoS
updated since 15.02.2006
Published: 24.10.2007
Source: MICROSOFT
SecurityVulns ID: 5771
Type: remote
Level: 6/10
Description: System hangs on malformed IGMPv3 packet.

Affected: MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
MICROSOFT : WIndows Mobile 5.0
MICROSOFT : Windows CE 5.01
CVE: CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via certain malformed IGMP packets, aka the "IGMP v3 DoS Vulnerability.")

Original document SYMANTEC, SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service (24.10.2007)

Алексей Синцов, igmp v3 dos (18.03.2006)

MICROSOFT, Microsoft Security Bulletin MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446) (15.02.2006)

Files: MS06-007 Denial of Service POC exploit (for Linux)
IGMP v3 DoS Exploit (MS06-007) by Alexey Sintsov
Microsoft Security Bulletin MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)
Discuss: Read or add your comments to this news (0 comments)

Miranda instant messenger multiple security vulnerabilities
Published: 24.10.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 8291
Type: remote
Level: 6/10
Description: Yahoo! messenger plugin multiple buffer overflows.

Affected: MIRANDAIM : Miranda IM 0.6
MIRANDAIM : Miranda IM 0.7
CVE: CVE-2007-5543
CVE-2007-5542

Original document Research, [Full-disclosure] Miranda IM Multiple Buffer Overflow Vulnerabilities (24.10.2007)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server